Standing along Pine Street in St. Louis, watching a pop-up bike lane in action, I struck up a conversation with a 64-year-old MetroBus...
Most of us know that Yahoo was the victim of a cyberattack this year, and that the data of more than 500 million users was stolen. Not enough of us, though, give sufficient thought to the possibility of this sort of thing happening to our own small businesses right here in mid-Missouri.
Business owners and managers are focused on growing and maintaining their companies — on sales, personnel, service, inventory, and so many other things. But this means they can overlook less common, but potentially dire, threats. One of the most critical protective measures for any small business is implementing measures to protect you and your customers from hackers who want to steal the data in your system and the money from your accounts.
It’s an easy thing to put on the backburner. Many small business leaders think they’re less likely to be a target because of their smaller size and lower profile. Others may think it’ll be easier to deal with a data breach once it has happened than it would be to install protections in the first place.
For perspective, let’s look at some statistics from the Better Business Bureau’s Institute for Marketplace Ethics:
We can see that the reality may be very different from what we’re thinking. Small businesses, in fact, are more frequent targets than big businesses, and there is often little that can be done once data or money is stolen. The threat of cyberattack is very real for small businesses, and the damage can be crippling. Be prepared.
Cybersecurity for your business is not only about adding layers of security technology — it starts with understanding and managing your cybersecurity risks. At the BBB, we have the “5-Step Approach to Better Business Cyber Security,” based on the National Institute of Standards and Technology Cyber Security Framework. It helps you see the specifics of your business’s cybersecurity needs, helping you identify and protect data and technology assets. It’s also a good guide for how to detect, respond to, and recover from a breach. This framework is a collaboration between BBB and the National Cyber Security Alliance. For many, it will be best to approach these steps with an IT expert, but most business owners and managers will be able to use this framework to begin making their businesses safer.
Take inventory of key technologies you use and know what information you would need to rebuild your infrastructure from scratch. Inventory the key data you use and store, and keep track of likely threats.
Assess what protective measures you need to have in place to be as prepared as possible for a cyberattack. Put protective policies in place for technologies, data, and users, and ensure that your contracts with cloud and other technology service providers include the same protections.
Put measures in place to alert you of current or imminent threats to system integrity, or loss or compromise of data. Train your users to identify and speedily report incidents.
Make and practice an incident response plan to contain an attack and maintain business operations in the short term.
Know what to do to return to normal business operations after an incident. Protect sensitive data and your business reputation over the long term.
Protecting your business from cybercrime is good for you, and it’s good for your customers. Take the time, follow the steps, be ready.
Sean Spence is the regional director of Better Business Bureau Columbia.